diff --git a/vlib/os/README.md b/vlib/os/README.md
index bbfa0d3bdf..8e28792064 100644
--- a/vlib/os/README.md
+++ b/vlib/os/README.md
@@ -4,22 +4,20 @@
command line arguments, reading/writing files, listing folders,
handling processes etc.
-* * *
-
+---
### Security advice related to TOCTOU attacks
-A few `os` module functions can lead to the TOCTOU vulnerability if used incorrectly.
-TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar
-is checked for certain specifications (e.g. read, write permissions) and a change is made
-afterwards.
-In the time between the initial check and the edit, an attacker can then cause damage.
-The following example shows an attack strategy on the left and an improved variant on the right
-so that TOCTOU is no longer possible.
+A few `os` module functions can lead to the **TOCTOU** vulnerability if used incorrectly.
+**TOCTOU** (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar
+is checked for certain specifications (e.g. read, write permissions) and a change is made
+afterwards.
+In the time between the initial check and the edit, an attacker can then cause damage.
+The following example shows an attack strategy on the left and an improved variant on the right
+so that **TOCTOU** is no longer possible.
-
-Example
-Hint: `os.create()` opens a file in write-only mode
+**Example**
+*Hint*: `os.create()` opens a file in write-only mode
@@ -52,14 +51,15 @@ mut f := os.create('path/to/file') or {
f.close()
```
+
- Proven affected functions
+**Proven affected functions**
The following functions should be used with care and only when used correctly.
-* os.is_readable()
-* os.is_writable()
-* os.is_executable()
-* os.is_link()
+- os.is_readable()
+- os.is_writable()
+- os.is_executable()
+- os.is_link()